i've seen this but if i use this it means that i have to wrewrite my app on how they access the session and my app is lit bit large so i have to invest quite time that i'd rather use a JWT than doin this.